Four minds, five stories in security of 2014

In the final webcast of 2014, IT Security Guru editor Dan Raywood will be joined by three of IT security’s greatest minds to discuss some of the top stories of the year, and understand what the failings were, what we learned and how we will not make the same mistakes again.

Looking at the emergence of Point of Sale malware, the threat of ransomware and major takedowns, we will be joined by Brian Honan, Neira Jones and Bob Tarzey for this look back at the year and look forward to yet another big year in information security.

Takeaways:

•Learn about how the story unravelled and what impact it had upon users
•How not to be a victim to one of these threats
•What are we learning about security from these stories, and what will we learn and improve on next year

In this session, we’ll look at some of the characteristics that make a cyber-security personality – they don’t always need to follow convention. Brian Higgins from ISC2 will chair the event as we hear from the National Autistic Society, Thomas who is visually impaired and getting his start up off the ground and Tania a computing teacher for neuro diverse young people.

session will look at how employers are going about recruiting people creatively and what they’re doing to find the right talent and what incentives they’re putting in place to retain and grow their current staff.

Ransomware presents some unique challenges to organizations, regardless of the size, industry or geography. However, it has very distinct behavior relative to other kinds of malware. It actually tells you that an attack has taken place. From a defender's point of view, being alerted to an attack is far better than having it stay undetected in your systems. During this presentation, John Cloonan, head of products at Lastline, will review:

How could AI potentially save the cyber-security industry – Peter Warren, journalist and thought leader on AI, will chair this session on how AI should be in the interest and control of the people for the people – and how it will impact on businesses from a legal perspective.

Speakers include: Pete Warren, Chairman at Cyber Security Research Institute and Andrew Jones, Professor of Cyber Security at University of Hertfordshire.

This session will look at what is available to make the UK an attractive place to start-up and grow a successful cyber-security company. It will look at regional development grants for areas such as Wales, Bristol and Ireland as well as grants, accelerator programmes and other incentives available.Speakers include: Shane Wickramasuriya, Operations Manager, CyLon; David Howorth, Head of EMEA, AlertLogic; Andrew Mulvenna, founder of Brightpearl and Mike Spain, Operations Director, Cyber Growth Partnership.

This first session will be based around the Global Workforce Study which shows the real numbers that expose the challenges facing UK companies in the wake of a global cyber-security shortfall. How can the UK become a haven for cyber-security and compete against the rest of the world for the best talent? What are the answers to building a viable, strong and competent cyber-security team? Is there enough being done to home-grow our own cyber-security workforce or will we need to talent from overseas and is that even possible with the challenges Brexit will bring?

Ransomware attacks are globally pervasive, and only getting worse for retailers, hospitals and a number of other businesses. The number of strains of Ransomware is infinite, with more and more advanced versions coming to light every day, but the vectors through which attacks occur remain the same. 90% of malware is delivered via web and email, with dynamic web content dramatically increasing the risk to users. Of the top 50 most visited US sites in 2016, 42% were found to be running vulnerable versions of web-software code. Traditional approaches to cyber security are failing – distinguishing the good from the bad is no longer a reliable option and has a very costly impact on enterprises. One approach that has been developed to tackle the constantly evolving threat landscape is Isolation, which assumes that all active content poses a risk.

Greg Maudsley, Senior Director, Product Marketing at Menlo Security will highlight the steps that must be taken to raise awareness of the reality of the Ransomware threat, and discuss the best ways in which to tackle this.

2016 is turning out to be a landmark year in terms of Ransomware and there’s no sign of these threats slowing down any time soon. Ransomware is not new, it is just getting more sophisticated and is inflicting major damage to companies, organisations and individuals, shaping up to be a frighteningly lucrative year for cybercriminals, where any person with a computer can be exploited and used as a revenue source with the potential for vast profits.

Learn how Cylance have revolutionized the industry by utilizing data science and security experts to provide a next-generation cybersecurity technology that proactively prevents, rather than detects the execution of advanced persistent threats and malware in real time before they ever cause harm.

Many enterprise applications run on a CMS platform to enable administrators and editors to build and update content quickly. While many of these systems have great built-in security features, there's a lot that can go wrong when a site is left vulnerable to attackers. In this webinar, Kentico Technical Evangelist Bryan Soltis will discuss many of the areas of your CMS that, when left unchecked, can expose your site to hackers, and what to do if you've already been hacked.

The EU General Data Protection Regulation (GDPR) is the biggest change to data protection law in the world since the late 90’s. Every aspect of the old law has been overhauled and modernised. Businesses trading with the EU or handling EU citizens private data will need to comply with the GDPR come 25th May 2018. This mean almost all British organisations will have to adapt to the EU GDPR despite the latest Brexit vote. Accordingly, companies will be fully accountable for implementing a comprehensive data governance policy and appropriate security mechanisms. Non-compliance can result in fines of up to €20 million or 4% of a company's global annual turnover, whichever is greater.

The adaption process to the EU GDPR won’t be simple and easy one. It will take time and energy from businesses, especially SMBs. During this webinar we give the chance to understand the biggest changes to the current law, and learn the essential steps business need to get in place to be ready come May 2018. With the webinar's open and live format, you will have ample opportunity to engage in Q&A with our data privacy and security experts.

Open Source Software is now broadly used in the development of software applications. The ability to reuse components of code already created allows development teams to create more code, with more functionality, faster. It also promotes the adoption of standards and makes applications more interoperable.
Although Open Source Software components typically require no licensing fee, it does come at a cost. This cost is uncertainty – or perceived uncertainty in many cases. Most software developers will be meticulous about what components they use from the perspective of functionality as they want to build code that works.

However those Open Source Software components could have inherent business risks associated with them such as Legal/IP compliance, security vulnerabilities and operational risk. IP Investors, cyber insurance companies and business management are becoming aware of the need for demonstrable controls to be in place to mitigate these risks.

This talk will discuss strategies organisations continuous compliance culture which will manage the risks without impacting technical innovation. These strategies can be leveraged by both organisations implementing open source based solutions or by technical organisations are creating open source based solutions

As more and more internet-enabled devices hit the market, securing these devices and our personal data is becoming an increasingly difficult task. Additionally, as more and more businesses make use of cloud-based services, new opportunities for criminals to exploit these services are appearing at a rapid pace as cybercrime becomes one of the most lucrative forms of crime we have ever seen. What cyberthreats will we start to see more of in the coming years? And what tactics will start to disappear?

In this webinar, Greg Iddon, Security Specialist at Sophos, will explore the future of cybercrime based upon the views and trends observed by members of Sophos and researchers at Sophos Labs, as well as how businesses and consumers can protect themselves from the threats and risks of tomorrow.

Too often security has been hampered by complexity and incomprehensibility. What people don't understand they mistrust and when they become inconvenienced they look for alternatives or switch off. This webinar will explain the workings of complex security solutions in simple terms. It will help unravel the complexities and show how simple yet comprehensive, all-inclusive security systems are the key to a working solution!

In this webinar Paul Williams of Cloudview looks at the three principles of developing effective security products under the theme of mind, body and spirit. The webinar will cover:
•Mind – why security needs to be at the heart of everything that a business does, and how to ensure that it is embedded in all aspects of product design
•Body – ensuring that products fulfil user needs of usability and trustworthiness
•Spirit – why simplicity is the key. This means understanding user needs, designing products to meet them and then getting out of the way i.e. avoiding overdesign or adding unnecessary features.

With all of the hype around security of late, you’d be forgiven for thinking that you’re too small to matter in the grand scheme of cyber security. This complacency, however, is one of the major issues facing the safety of our businesses today. While companies should be responsible for the overall safety of employee and customer data, there are things you can and should be doing to help. When we’re all battling the same criminals with the same end goal, no one is too insignificant to matter.

Cesare Garlati, chief security strategist for the prpl Foundation, will host a webinar discussing the security risks presented by today’s highly-connected smart home, why the IoT is so easy to exploit, and how consumers can protect themselves.

Enabling a highly connected and mobile workforce means shifting the attack vectors that organisations must protect from cyber criminals. And although businesses recognise that requires the modernisation of security protocols with best of breed cloud solutions, many are struggling to adapt due to traditional on premise security mind-sets. How can today’s businesses overcome today’s security concerns, and how can doing so enable them to become more agile?

Both information security and compliance are critical to tackling the cyber-challenges facing organisations today. As with a happy marriage open communication, mutual respect and compromise are key to nurturing a security-conscious culture.

Despite working toward a common goal, we regularly see security personnel and employees at loggerheads with one another. This leads to disharmony, which culminates in an ineffective information security awareness program and therefore increased risk.

This webinar will:
•Challenge the notion that compliance and security are mutually exclusive;
•Consider the sweet spot for harmonious co-operation and establishing pragmatic approaches to secure working;
•Suggest a strategy for fostering a real shift in human behavior, which delivers more cyber resilient organisations.

Presenter: Dominic Saunders – CTO, NETconsent

Information security expert and CTO, Dom Saunders, has been at the centre of the information security industry since the late 1990s. He has a genuine enthusiasm for all things technical and a real passion for business process innovation.

With international security experience from systems integration to trusted advisor, he has a treasure trove of real-life security tales, which enrich his presentations. As founder of NETconsent, compliance and communications software vendor, Dom has consistently championed the human factor in securing organisations and is a strong advocate of security as a business enabler rather than barrier. He is on a mission to ensure information security becomes second nature in everything people do.

The rapid expansion of the cyber security market and awareness from businesses of the need for improved protection has driven great demand across the majority of cyber security skill sets. Organisations are struggling not only to attract security personnel in the first place, but to also then keep their teams together.

Ryan will utilise knowledge from his 8 years with Acumin to look at some of the specific areas of demand, how to ensure you don’t miss out on potential hires, and offer advice on retaining your staff.

In the last decade, cybercrime has industrialised. It’s no longer the preserve of a small number of skilled hackers. The webinar will focus on the industrialisation of cybercrime and will highlight how fraud, particularly identity fraud, is on the rise in the UK.

Tools for carrying out sophisticated cyber-attacks are now cheap, mass-produced, and easily accessible. Hacking communities, discussion groups and online walkthroughs are plentiful and easy to find. The raw material for crime - personal information - is available at low cost and neatly packaged for resale in online marketplaces. It really is possible for anyone, aged 8 to 80, to get involved if they want to.

Andy will warn that as more services move online, the opportunities for abusing stolen personal data increase. He will stress the need for greater communication and partnership between major fraud targets - financial institutions, utility companies, online retailers and the like - which can make the UK provide a strong stance against fraudsters and help to win the battle against cybercrime.

The webinar will cover and consider the evolving circumstances of data breach; the link between breaches and identity fraud; and the risks for those whose data is appropriated. Andy will explain why the response to data theft is currently inadequate; and identify some measures which could provide consumers with greater security and peace of mind, as well as the potential business benefits of doing so.

Our channel is aimed to give you the full picture. We will educate you on current topics of interest with the Editor of IT Security Guru hosting the webcasts, Dan Raywood. Guest speakers will join in on the debates with their own expert view and no intention of keeping it to themselves. Our aim is to give you all the information you need, for you to be able to come to your own conclusion.